INCANTO Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: September 18, 2017
Last Seen: February 22, 2020
OS(es) Affected: Windows

The INCANTO Ransomware is an encryption ransomware Trojan that was first observed on September 16, 2017, being used to attack computers that run the Windows operating system. The INCANTO Ransomware is distributed through spam email messages that carry corrupted file attachments. These attachments use macro scripts to download the INCANTO Ransomware onto the victim's computer. Once installed, the INCANTO Ransomware uses a mixture of the RSA and AES encryptions to encrypt the victim's data and make it unreadable. Essentially, the INCANTO Ransomware takes the victim's files hostage. The INCANTO Ransomware then demands the payment of a ransom by displaying a ransom note on the victim's computer.

The Consequences of an INCANTO Ransomware Attack

The INCANTO Ransomware targets user-generated files, which may include photos, audio, texts, spreadsheets, configuration files, and countless other file types. Typically, ransomware Trojans like the INCANTO Ransomware seek to take over the victim's files but leave the Windows operating system functional, so that the victim can read the ransom note and pay the ransom amount in exchange for the decryption key needed to restore the files affected by the attack. The INCANTO Ransomware marks the files it encrypts by adding the file extension '.INCANTO' to the end of each affected file's name. The INCANTO Ransomware will target the following file types in its attack:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr.

How the INCANTO Ransomware Demands a Ransom from the Victim

The INCANTO Ransomware will drop a file named '!!!GetBackData!!!.txt' at various locations on the victim's computer after encrypting the victim's files. The INCANTO Ransomware's ransom note is contained in this file, which alerts the victim of the attack and claims that it is necessary to contact the con artists at a particular email address. Computer users must refrain from paying the INCANTO Ransomware ransom amount. It is very unlikely that the people responsible for the INCANTO Ransomware will keep their word and provide the means to recover the affected files. The INCANTO Ransomware uses some variant of the following ransom note to alert the victim of the attack:

'All your important files were encrypted on this PC.
All files with .INCANTO extension are encrypted.
Encryption was produced using unique private key RSA-1024 generated for this computer.
To decrypt your files, you need to obtain private key + decrypt software.
The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet.
To retrieve the private key, you need to contact us by email incantofiles@bitmessage.ch send us an email your !!!GetBackData!!!.txt file and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-2 not very big encrypted files and we wills end you back it in a decrypted form free.
To send files you can use http://dropmefiles.com/
Your personal id: [redacted]
E-mail address to contact us:
incantofiles@bitmessage.ch
Reserve email address to contact us:
incantofiles@india.com'

Unfortunately, once the INCANTO Ransomware has encrypted the victim's files, they will no longer be available. This is why you should prevent the loss of your data in the event of an INCANTO Ransomware infection. The best way to be protected against this threat is to use a reliable backup method to keep backup copies of your files.
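
The two on-disk indicators described above, the '.INCANTO' extension appended to file names and the '!!!GetBackData!!!.txt' note, are enough to scope an infection and list what has to come back from backup. The following read-only triage script is an added example, not part of the original article; the function names and the script name in the usage comment are assumptions made for illustration.

```python
import os
import sys
from collections import defaultdict

ENCRYPTED_EXT = ".incanto"           # extension named in the article (compared lowercased)
NOTE_NAME = "!!!getbackdata!!!.txt"  # ransom note name from the article (lowercased)


def scan_tree(root):
    """Group INCANTO indicators found under root by directory."""
    findings = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME:
                findings[dirpath]["notes"].append(name)
            elif lower.endswith(ENCRYPTED_EXT) and len(lower) > len(ENCRYPTED_EXT):
                findings[dirpath]["encrypted"].append(name)
    return dict(findings)


def original_name(encrypted_name):
    """Drop the appended extension to get the pre-attack file name."""
    return encrypted_name[: -len(ENCRYPTED_EXT)]


def summarize(findings):
    """Totals for scoping, plus the original paths to restore from backup."""
    restore = sorted(
        os.path.join(d, original_name(n))
        for d, hit in findings.items()
        for n in hit["encrypted"]
    )
    return {
        "directories": len(findings),
        "encrypted_files": len(restore),
        "ransom_notes": sum(len(hit["notes"]) for hit in findings.values()),
        "restore_list": restore,
    }


if __name__ == "__main__":
    # Usage: python incanto_triage.py <directory>  (read-only; nothing is modified)
    report = summarize(scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
    print(f"{report['encrypted_files']} encrypted files, "
          f"{report['ransom_notes']} ransom notes, "
          f"{report['directories']} directories affected")
    for path in report["restore_list"]:
        print("restore:", path)
```

The restore list can be compared against a backup catalogue to confirm that every affected file has a clean copy before the machine is rebuilt.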